The problem occurs in the function my_strdup() in an repnz scans ... stuff.If you give a input of more than 82 characters to mysql client as the database name the client will overflow. This is not a big problem since it isn't setuid. hmm... mysql -u user -phmm `perl -e 'print Ax100'` fix the my_strdup function shit stuff >Submitter-Id: <submitter ID> >Originator:Renato F. Lima >Organization: Cimcorp Telnet >MySQL support: none >Synopsis: A little overflow >Severity:non-critical with no setuid(the default) >Priority: low >Category: mysql >Class: sw-bug >Release: mysql-3.22.32 (Source distribution) >Environment: System: FreeBSD chronoz.telnet.com.br 4.1.1-RELEASE FreeBSD 4.1.1-RELEASE #2: Sun Jun 17 23:06:35 BRT 2001 [EMAIL PROTECTED]:/usr/src/sys/compile/MYKERNEL i386 Some paths: /usr/bin/perl /usr/bin/make /usr/local/bin/gmake /usr/bin/gcc /usr/bin/cc GCC: Using builtin specs. gcc version 2.95.2 19991024 (release) Compilation info: CC='gcc' CFLAGS='' CXX='gcc' CXXFLAGS='' LDFLAGS='' Configure command: ./configure --with-unix-socket-path=/var/tmp/mysql.sock --with-low-memory --with-mit-threads=yes Perl: This is perl, version 5.005_03 built for i386-freebsd --------------------------------------------------------------------- Before posting, please check: http://www.mysql.com/manual.php (the manual) http://lists.mysql.com/ (the list archive) To request this thread, e-mail <[EMAIL PROTECTED]> To unsubscribe, e-mail <[EMAIL PROTECTED]> Trouble unsubscribing? Try: http://lists.mysql.com/php/unsubscribe.php